CVE-2012-3547

2012-09-1817:55:07

CWE-119

redhat

web.nvd.nist.gov

cve-2012-3547

freeradius

buffer overflow

denial of service

remote code execution

nvd

security vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.067

Percentile

93.9%

JSON

Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long “not after” timestamp in a client certificate.

Affected configurations

Nvd

Node

freeradiusfreeradiusMatch2.1.10

freeradiusfreeradiusMatch2.1.11

freeradiusfreeradiusMatch2.1.12

VendorProductVersionCPE
freeradiusfreeradius2.1.10cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*
freeradiusfreeradius2.1.11cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*
freeradiusfreeradius2.1.12cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
freeradius	freeradius	2.1.10	cpe:2.3:a:freeradius:freeradius:2.1.10:::::::*
freeradius	freeradius	2.1.11	cpe:2.3:a:freeradius:freeradius:2.1.11:::::::*
freeradius	freeradius	2.1.12	cpe:2.3:a:freeradius:freeradius:2.1.12:::::::*